IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Chasing ghosts?
Glen wrote:

Now I'm changing all the passwords in the system. Then, I'll start looking at all the listening processes on the system. They can attack something that isn't listening.

Umm..., is the only reason you think you've suffered security compromise the fact that suddenly what you thought was your root password didn't work, and you weren't entirely sure whether you'd changed it? No other signs of break-in whatsoever? That sounds more than a little thin.

However, if you haven't looked at all the listening processes on the system, it's indeed about time. I'm curious about how you're doing that without trusting any of the tools on the suspect system.

(Yes, I am being mildly ironic. How to examine a running system for signs of compromise is a difficult problem.)

Rick Moen
rick@linuxmafia.com


If you lived here, you'd be $HOME already.
New Now I'm thinking I changed it...
The passwd file was dated 7/12, and that's the date I installed apache2 and php. I set up a tester web server with PHP installed on that very date.

I've been getting the latest apt-get about once every two weeks. Maybe I need to be a little more vigilant about that.

I'll take a look at snort, and I'll get the rest of the list from my "hacker" co-worker. I'd like for this system to be pretty "hard", if it can be.

Glen Ausitn
     Help! - (gdaustin) - (15)
         Use the install CD - (pwhysall) - (9)
             Not quite that easy, but I think I have it fixed.... - (gdaustin) - (7)
                 Fixed... - (gdaustin) - (6)
                     Shouldn't you be fixing this at the firewall? - (pwhysall) - (2)
                         This box IS my firewall... - (gdaustin) - (1)
                             Re: This box IS my firewall... - (pwhysall)
                     If you haven't already - (orion)
                     Chasing ghosts? - (rickmoen) - (1)
                         Now I'm thinking I changed it... - (gdaustin)
             Re: Use the install CD - (gdaustin)
         Root password, rooted box - (kmself) - (4)
             Re: Root password, rooted box - (rickmoen) - (2)
                 Forensics - (kmself) - (1)
                     Re: Forensics - (rickmoen)
             Exactly what I did... - (gdaustin)

Gifts to acquaintances and coworkers should be delivered with as much warmth and sincerity as you can fake.
36 ms